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MEMORANDUM FOR: ODP/OS Joint Working Group 


25x11 FROM: | 
Security Officer, ObP 


SURJECT ¢ ODP/OS Joint Working Group Hinutes 


1. On 22 September 1981, the ODP/OS Joint Working Group ret 
in Room 2D~03, KReadquarters. The following were in attendance. 


25X1 


2. I88C will establish a policy on the destruction of 
magnetic tapes. ODP will degeuss the tapes and_the Office of 
Logistics will destroy the tapes by burning. [ | 25X1 


3. SPh discussed the Ludlow Encryption System with NSA but 
concluded there are serious format problems negating any 
advantages to the system. It would require a non-trivial change 
to the operating system. SPD would look at other alternatives 
including the enlargement of the password directory with «4 
tighter control on the directory. (i 25X11 


4. En response to an ISSG request, SPD is developing an 
alert system for incorrect leg-on or unauthorized use of the 
system. The system will report any exceptions to a security 
console that will be monitored on a 24 hour basis for immediate 
response. An alternative_is an electronic mail file that will be 

25X1 reviewed by security. 


5. The briefing of the B/DP and B/S will be conducted in 
December or January. The major items will include the status of 
ACF=2, Audit frail and Rocument Logging System. [ 25X41 
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6. Some problems develored in the purchase of the Cornell 
Mini-Disk Manager. There are a large number of modules and each 
module involves a license. Although rore of a management tool, 
the Cornell does provide seme security benefits. SPD will take 
action to contact OCL/PD for a resolution. fo 25X1 

7. A first effort to install the V-Link will be in the 
Special Center, It can control the vulnerability involved in a 
CcOTG. The owner defines who has accese to a disk and the 
identity is in the directory in the GOTC profile. Customer 
Services Staff would have the responsibility to build rules to 
mini~disks. This is a manuel operation and reguires contacting 
the disk owner for a list of those who have access. The V-Link 
is incorporated in the Cornell Manager and gives options to those 
who manage the disk. 


8. The subject arose concerning authorization to access and 
dump the date from someone's disk. The unwritten policy of ODP 
is not to dump a disk unless ea written request is received fron: 
the Director of the Component responsible for the disk. The 
right of the Component Pirecter to dump a disk is similar to his 
right to have a safe opened to review its contents.. Additionally 
the Form 4665, OPP Syetem Access Pequest, advises the requestine 
uger that the use cf these systems will be audited on @ periodic 
baris,. : 


9. IS8G will develop a policy on the responsibility for the 
assignment of pasawords. The need for a policy developed when 
the CAMS? Managers esked to control CAMS' passwords. In the 
beginning, the CAMS Manager issued and controlled the 
passwords. ODP assumed the responsibility ahout four years ago 
and it took a year to clear up the mess they inherited. Althouch 
the CAMS Manager presented some legitimate arguments for assuming 
password control, the Working Group was in aqreement that the 
fewer people involved with password contrel the hetter the 
control. 


i@, All members aqreed that a new directory of passwords 
mugt be developed. SPD will develop a new file with millions of 
words rather than the current 6,000 words that are reused. Under 
the intended scheme, a password would he issued only once for a 


prescribed period then removed from the system when replaced. 
[| | | 25X1 
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